Help With A Virus
Started by NNNOOOOOO, Aug 02 2010 05:35 PM
13 replies to this topic
#1
Posted 02 August 2010 - 05:35 PM
I believe it is a fake anti-virus called "antivir something". It won't let me do anything and disabled internet in Windows. I'm running Linux on live CD right now. Microsoft Security Essentials can't detect the fake program. Does anyone know where the EXE is located so I can delete it manually?
#2
Posted 02 August 2010 - 07:30 PM
NNNOOOOOO, on 02 August 2010 - 05:35 PM, said:
I believe it is a fake anti-virus called "antivir something". It won't let me do anything and disabled internet in Windows. I'm running Linux on live CD right now. Microsoft Security Essentials can't detect the fake program. Does anyone know where the EXE is located so I can delete it manually?
Seems to me like it may have things in your auto run on startup, as well as your registry.
I'd suggest booting up in safe mode and checking your start up programs. It's very likely that all you have to do is disable that and you'll be good to go.
#3
Posted 02 August 2010 - 08:26 PM
rpgsearcherz, on 02 August 2010 - 07:30 PM, said:
Seems to me like it may have things in your auto run on startup, as well as your registry.
I'd suggest booting up in safe mode and checking your start up programs. It's very likely that all you have to do is disable that and you'll be good to go.
#5
Posted 03 August 2010 - 04:05 PM
Email from Microsoft:
Quote
The Microsoft Malware Protection Center (MMPC) strives to keep you informed about the status of your submission.
Analysis of the file(s) in Submission ID MMPC10080238706584 is now complete.
This is the final email that you will receive regarding this submission.
You can view your submission online at the following link:
You can view your submission online at http://www.microsoft...F8-A83682650290
The Microsoft Malware Protection Center (MMPC) has investigated the following file(s) which we received on 8/2/2010 1:56:29 PM Pacific Time.
Below is the determination for your submission.
========
Submission ID MMPC10080238706584
Submitted Files
=============================================
dhktunmtssd.exe [Trojan:Win32/FakeSpypro]
The following links contain more information regarding the detections listed above:
http://go.microsoft....in32/FakeSpypro
Your submission was scanned using antimalware definition version 1.87.1119.0.
========
Detections listed above are included in the latest pre-release signatures and made available in the following formats:
For Microsoft Antimalware products including; Microsoft Forefront products, Microsoft Security Essentials or Windows Live OneCare:
* 32 bit operating systems:
http://go.microsoft..../?LinkID=181947
* 64 bit operating systems:
http://go.microsoft..../?LinkID=181948
For Microsoft Antispyware products including; Windows Defender:
* 32 bit operating systems:
http://go.microsoft..../?LinkID=182292
* 64 bit operating systems:
http://go.microsoft..../?LinkID=182293
The following link explains how to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system:
http://support.micro...kb/827218/en-us
Alternatively, detections listed above are included as an update and made available via the MMPC Portal and via Microsoft Windows Update in the next regularly scheduled release.
The latest antimalware definition update is always available for download at the following location:
http://go.microsoft..../?LinkID=110446
If you have questions relating to this submission please contact mailto:mmpcres@microsoft.com and reference your submission ID.
========
Additional Help
For more information about updating definitions and answers to other questions, visit the following link:
http://www.microsoft....aspx#new_defns
Protection updates are also available via the MMPC Portal and via Microsoft Windows Update in the next regularly scheduled release.
The Microsoft Malware Protection Center (MMPC) Portal is continuously updated with detailed information about threats and definitions for Microsoft's Security related products.
You can visit the MMPC Portal at: http://go.microsoft..../?linkid=114450
If you believe that any file that you submitted is being incorrectly detected or you have questions relating to this submission, please contact mailto:mmpcres@microsoft.com and reference your submission ID.
If you need immediate assistance and information on best practices for removing malware in your environment, additional support options are available at the following websites:
For IT Professionals -
http://support.micro...p/securityitpro
For Home Users -
http://support.micro...pr=securityhome
Thank you,
Microsoft Malware Protection Center
#6
Posted 03 August 2010 - 04:24 PM
Good job getting rid of the virus. Make sure you check this also for the virus if you haven't already:
Click Start button --> RUN --> Type in "msconfig"
This will open a window, look for both a "Start-up" tab and "Services" tab.
In addition to the Start-up folder, viruses can sometimes be found in these two different parts of Windows and will come back when you reboot. Look for anything suspicious.
#7
Posted 03 August 2010 - 04:56 PM
rob86, on 03 August 2010 - 04:24 PM, said:
Good job getting rid of the virus. Make sure you check this also for the virus if you haven't already:
Click Start button --> RUN --> Type in "msconfig"
This will open a window, look for both a "Start-up" tab and "Services" tab.
In addition to the Start-up folder, viruses can sometimes be found in these two different parts of Windows and will come back when you reboot. Look for anything suspicious.
#8
Posted 03 August 2010 - 05:55 PM
NNNOOOOOO, on 03 August 2010 - 04:56 PM, said:
What's the "qilfugcd" item?
gilfugcd was one of the things that run on startup? No idea what it is, but there's no match on Google for it so could be a bunch of random letters used by a virus. Any more information on it? Is it under services or the other tab? What is the path to it on your hard drive if it has one? Does it show a "Manufacturer"?
#9
Posted 03 August 2010 - 10:35 PM
rob86, on 03 August 2010 - 05:55 PM, said:
gilfugcd was one of the things that run on startup? No idea what it is, but there's no match on Google for it so could be a bunch of random letters used by a virus. Any more information on it? Is it under services or the other tab? What is the path to it on your hard drive if it has one? Does it show a "Manufacturer"?
Startup item: qilfugcd
Manufacturer: Unknown
Command: C:\Users\John\AppData\Local\plwwththi\dhktunmtssd.exe (I now realise that that was the virus file I deleted)
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Date disabled:
I'll go delete the registry for it now.